[clamav-users] [Clamav-devel] ClamAV® blog: ClamAV 0.101.1 Patch has been released
stern at rowland.harvard.edu
Wed Jan 9 10:35:48 EST 2019
On Wed, 9 Jan 2019, Micah Snyder (micasnyd) wrote:
> Hi Alan,
> It sounds like your system defaults to having the -Wall and -Wextra
> compiler flags enabled. We do indeed still have a lot of work to
> clean up warnings when building with -Wall and -Wextra, I certainly
> want to clean up all the warnings long term, but the other remaining
> ones are, to my knowledge, not as worrisome.
That makes sense.
> I wasn't actually able to reproduce the warning that Gary reported
> (with clang or gcc on Mac or Ubuntu 18), but a quick look at the code
> showed that the issue was real.
I got the same warning as Gary, as well.
> The "Variable may be used uninitialized" type warnings are more
> serious-sounding ones but if I recall correctly, they occur in the
> tomsfastmath 3rd party library code. It's on my to-do list to see if
> there's an update for that code as our copy hasn't been updated in a
I'm not sure which source files belong to that third party library.
The two non-bogus warnings I got were:
libclamunrar/arcread.cpp:32:3: warning: 'ReadSize' may be used uninitialized in this function
libclamunrar/rijndael.cpp:101:21: warning: 'uKeyLenInBytes' may be used uninitialized in this function
These seem to assume that an input variable takes on an allowed value;
I don't know if that assumption can always be guaranteed.
> The warnings in our own code regarding integers of different
> signedness are probably most concerning. I very much want to take a
> stab at cleaning those up as soon as I find time, but it will require
> much care and heavy regression testing as it can be very easy to
> break things when changing variable types.
Indeed. On-the-spot typecasting is less invasive but more awkward.
More information about the clamav-users